Open Bug 354677 Opened 18 years ago Updated 10 years ago

LDAPfilter info/example addition in docs

Categories

(Bugzilla :: Documentation, enhancement, P3)

Product:
Bugzilla
Component:
Documentation
Type:
enhancement

Tracking

()

People

(Reporter: kenneth.garland, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

Just put a simple info line in the docs with all the others about LDAP for LDAPfilter.

something like this:

LDAPfilter
          The LDAPfilter are attributes set that allow or disallow groups or people access to the bugzilla interface based on LDAP filters. You can use a single attribute or multiple with the LDAP AND operand.

          Ex. "(title=Developer)" or "(&(title=Developer)(employeeStatus=Active))"

Reproducible: Always

Steps to Reproduce:
1.read the docs
Yes, this would be great to have.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Bugzilla 4.2 and 4.4 documentation is still missing any mention of the LDAPfilter option.

A quick websearch brings up many unsubstantiated replies and questions of the form "what is the LDAPFilter syntax".
A common request is to filter legal users by a LDAP group.

A few sparse replies point to the syntax for this being:
(memberOf=cn=bugzilla,ou=applications,dc=company,dc=com)

This does not work for a number of people.  
Investigating this further, the flavor of LDAP server is highly dependant.
OpenLDAP didn't add "memberOf" attributes until 2.4 using an overlay
http://www.openldap.org/doc/admin24/appendix-changes.html

RedHat 5.x, and hence Centos and Scientific Linux 5.x, are all stuck on OpenLDAP 2.3.x.
https://bugzilla.redhat.com/show_bug.cgi?id=694901

It may work better for Microsoft flavors of LDAP, but that leaves a large number of users (me too) stuck with LDAP servers that cannot be used to provide conditional Bugzilla access with the current LDAPFilter parameter system.

Please add this to the docs.
Hi,

Can someone help craft the default of "LDAPfilter" to be any user in LDAP that has an email?

Currently, I am using bugzilla with a Active Directory backend for authentication.
I try to use syncLDAP.pl to pre-populate the users, but the contrib module keeps bombing out because it was expecting a value in email parameter, but there issnt one.
You need to log in before you can comment on or make changes to this bug.